Tuesday, November 30, 2010

ASP.Net authorization and Custom Role Provider

In the application I was developing, I had a custom role provider implemented for laying out the menu items depending on the privileges each web user has. It had been a while since this part of the application was done. Towards the end of development, a requirement came up to redirect users to a "Request Access" page if they do not have access to the application.

I thought of implementing this the easiest way by setting values for <authorization> in web.config.
<authorization>
  <allow roles="AppAccessGroup"/>
  <deny users="*"/>
</authorization>
"AppAccessGroup" was a group I created on my local machine with my NT-id as a member of the group.
But it didn't work right off the bat, and that was confusing. I also had Anonymous access turned off in IIS, so the browser was prompting me for NT credentials. While trying to figure this out, I had a surprising find here: http://blogs.msdn.com/b/dougste/archive/2006/07/27/680031.aspx

But that fix didn't work either.

After a while it struck me that it may be the custom role provider, and I commented that out to test. And voilà, it worked.

I hadn't seen anybody mention this anywhere, but surely somebody must have had this issue and figured it out before.